We are seeing a great deal of interest in desktop virtualisation from all sectors of industry and all sizes of business. In the last few months the number of businesses considering or actually starting a pilot in this space seems to have shot up, and if even half of those pilots result in substantive roll-outs, then 2012 will be a very big year for desktop virtualisation.
Why are organisations looking to VDI and what are they expecting to get out of it?
Operational cost savings
Despite what much of the industry is saying, there are operational cost savings to be had by virtualising your desktops. However:-
– this is a complex technology and you are unlikely to achieve them without specialist help,
– a number of the services and solutions out there are over-priced,
– the savings are hard to tie down because the virtualised desktop model is so different to the PC model that the cost savings will occur in ways that may make it hard for the business to measure or even realise them.
Allow me to give you a brief illustration of the complexity point, which also reflects on the second point about pricing in the market. In a recent conversation with a prospective client, I was told that “full-fat” VDI (where each user is assigned a dedicated virtual machine) had been considered and rejected because of the cost. This client had completed a proof of concept that showed they could stack 20 users per blade with VDI and couldn’t make the business case work at that level. When I told him that Molten Technologies is able to stack between 50 and 100 users per blade he was incredulous. Even some of the big established players are failing to tune VDI to make it as cost effective as it can be and this sort of metric (users per blade) is critical to keeping the costs under control.
Taking the last point about savings being hard to measure or realise, let me give you three examples…
First is the client who manages their PC estate with an outsourced model. They have a contract with their outsourcing partner that includes a support price per desktop which was signed up to by both parties using PC benchmarks. Because their contract is set and VDI benchmarks in this area are immature, the saving never flows back to the business; it remains with the outsource partner.
Second is the organisation that recognises that a well run VDI solution will make 75% power savings over a PC estate, even when the thin client and the servers in the data centre are taken into account. However, because power usage is an office cost, rather than an IT cost, they are unable to claim that saving in the business case.
Network cost is a third example; VDI enables the use of standard internet connections, in place of expensive internal LAN or WAN setup. Key applications and data can be protected more easily behind the firewall than an entire network, saving both infrastructure and ongoing management costs.
There are a number of other examples that I could use, but the over-riding message is that desktop virtualisation is a new model and the pure operational cost savings to justify it may not fit neatly into your existing financial budget lines. Combine this with the fact that many internal and external VDI implementations cost more than they need to, because it is a complex technology to really get right, and you have a market impression that VDI is more expensive than a PC estate.
There are cost savings to be had through intelligent application of VDI, but an organisation needs to be prepared to look broadly at the potential savings and challenge existing budgetary and commercial models. Most organisations seem to be settling for a break-even business case on operational savings and then looking to other areas to justify VDI.
Agility is one of those words that require explanation to avoid misunderstandings, because it is possible to have a conversation about agility with both parties meaning entirely different things. There are several factors where VDI offers a better answer than PCs that tend to get grouped under the banner of agility:-
– Ability to access a desktop from different locations (e.g. when moving offices, occasional working from home or in business continuity situations)
– Ability to upgrade (or even downgrade to save money) desktop specification (memory, storage or processing)
– Flexible cost base with increasing or decreasing user numbers (especially if taken as an external service)
– Ability to upgrade the software more quickly and with more options around compatibility (e.g. two interim desktops for big upgrades, with one on each version of the operating system, as the last few problematic apps work their way through compatibility testing)
– Low cost and complexity of local infrastructure, both thin clients and networking (as the expensive corporate network can safely be replaced with an Internet connection)
– Ability to access a desktop from multiple devices, embracing the tidal wave of consumer devices without the cost of integrating or securing them
These sorts of drivers are particularly interesting to organisations that are planning or expecting major change (either IT or business related), growing rapidly and opening in new regions, organisations facing potential workforce reductions and those with many small offices or outlets.
Security and control
This is potentially the biggest driver in the market today. There are three inherent differences between PCs, particularly laptops, and VDI:-
– Physical location
– Physical access
– Network location
A laptop can be carried outside the safety of the corporate environment and carry sensitive data with it. It can then be left on a train, bus or in the back of a cab. Even with strong encryption, this still leaves a potential risk. A VDI solution, on the other hand, stays physically inside a secure data centre. A user can access it to do their job, but the data stays where it is; there is no data on the end-point device (which could be a thin client, iPad, Android device, netbook or PC). Since there is never any data on the end-point, the data cannot be left in a non-secure environment.
A PC sits physically in front of the end-user bristling with connectivity, from physical ports to Wi-Fi and even Bluetooth. All of these very useful communication capabilities represent security risks. The Stuxnet virus, for example, was spread using memory sticks, which utilise USB ports. A virtual PC is not physically accessible to the end user and it is very simple to lock down the ports and even the copy/paste facilities between the virtual machine and end-point device. You can’t insert a memory stick or connect to it via Bluetooth, and this is OK from a usability point of view because you can access it securely from any connected device, so you shouldn’t need to carry a memory stick with your data on it.
A laptop connects to insecure networks when outside of the office, risking viral infection and hacking, and then connects back to the corporate network, potentially bringing bad things with it. A virtual PC, on the other hand, never leaves the corporate network, permanently staying inside the firewall in the data centre. It cannot bring viruses in from the outside, because it never goes outside. The end-point device can be outside, but its only connection is via a remoting capability (like RDP), which is relatively easy to lock down.
These factors have led some organisations to consider the creation of a “private data universe” in which sensitive data is always retained inside the corporate data centre, network and firewalls, and individuals are allowed controlled access to the data only to do their job. Individuals are restricted from downloading it to a laptop or memory stick, emailing it or manipulating it outside of a specific application or applications. It is relatively simple to achieve this seemingly draconian measure using VDI. We simply create locked-down VDI desktops with no Internet access or email, no admin rights and no applications other than those the business defines as necessary to do the job. Users may require another desktop of some sort for other purposes, but that would lack the access to sensitive data and allow email and Internet access.
This sounds counter-intuitive, but consider its application to third party developers. Their employer provides them with a desktop to do their job, and today a client might send them sensitive data and IP to allow them to develop and test, or might provide them with client PCs with access to the corporate network. Now consider that the client sends them no data whatsoever, but rather creates them a VDI log-in to a fully locked-down virtual machine as I have described. The third party and its employees can use their own desktop for email and Internet and the client VDI for the sensitive development work, but the two are kept securely separated. The third party cannot “leak” IP, nor can the individuals copy sensitive data, because they only have sufficient access to do their job; they never actually have the data or IP.
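The lock-down of ports, copy/paste and the RDP channel described above can be checked rather than assumed. The following is an added example, not part of the original article or any vendor's tooling: it parses `reg query` output for the Remote Desktop Services policy key on a Windows virtual desktop and reports every redirection channel that is still open. The sample output is constructed, and treating an unset value as open is an assumption of this check.

```python
import re

# Remote Desktop Services policy values (DWORD 1 = redirection disabled) under
# HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.
REQUIRED = {
    "fDisableClip": "clipboard (copy/paste)",
    "fDisableCdm": "client drives (memory sticks included)",
    "fDisablePNPRedir": "plug-and-play devices",
    "fDisableCcm": "COM ports",
    "fDisableLPT": "LPT ports",
    "fDisableCpm": "printers",
}

# A value line in `reg query` output: indented name, type, hex data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {lower-cased value name: int} for every REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values


def open_channels(text):
    """List (value name, channel, reason) for each channel not locked down.

    Assumption of this check: a value that is absent is reported as open,
    so a missing policy fails the audit instead of passing silently.
    """
    values = parse_reg_query(text)
    findings = []
    for name, channel in REQUIRED.items():
        state = values.get(name.lower())  # registry names are case-insensitive
        if state is None:
            findings.append((name, channel, "not configured"))
        elif state != 1:
            findings.append((name, channel, "set to %d" % state))
    return findings


# Constructed sample: drive redirection left enabled, PnP policy never set.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
    fDisableClip    REG_DWORD    0x1
    fDisableCdm    REG_DWORD    0x0
    fDisableCcm    REG_DWORD    0x1
    fDisableLPT    REG_DWORD    0x1
    fDisableCpm    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, channel, why in open_channels(SAMPLE):
        print("OPEN: %s [%s] %s" % (channel, name, why))
```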
This can be a bit niche and I get some push-back on this point, but it is out there in the market so I will mention it briefly. There are three inherent aspects of VDI that give the potential for much greater performance than can be achieved by a PC:-
– Carrier-grade back-end connectivity (possibly inside the same data centre, almost certainly with better connectivity than you would find in an office).
– Resource allocation (because the virtual machines are running on powerful blades, it is possible to specify a great deal of resource to each user, if you have specialist users for whom performance is more important than cost. We see this in real-time trading environments, for example).
– Resource pooling (because there are typically many virtual machines running on each blade and most users only stress their machines intermittently. Of course, this depends how you set it up and you may choose to stack the maximum number of users per blade to balance this with cost saving).
Virtual desktops can support a green agenda in a number of ways:-
– Power savings
– Extending the life of desktop hardware
– Reducing the number of devices in circulation
Power savings calculation is a tough area because different solutions will have different maths, but if we look at Molten Technologies’ DaaS offering specifically then I can say with confidence that a typical thin client combined with our data centre stack would drive a power saving in the region of 75% as compared to a typical desktop PC. This is likely to be high compared to other solutions because we have achieved a higher density of users per blade than many others (IOPS is the key, by the way), but most solutions will result in some power savings.
Extending the life of the desktop hardware can take two forms: either VDI can be implemented using existing desktop hardware (e.g. VDI is deployed at Windows 7 and accessed for a while from the existing XP physical estate before thin clients are rolled out) or it can be as simple as recognizing that the average thin client lasts longer than the average PC because it has no moving parts (like a hard drive or a fan).
Reducing the number of devices in circulation is a whole area of debate in its own right and can stretch from consumerisation and bring your own computing (BYO) to contractors and third parties that so often carry two laptops today (one their own or that of their employer and one belonging to their client, so they can be securely given access to the client network). Suffice to say here that many people have several devices for various reasons and VDI offers a way of rationalizing somewhat.
Green computing is rarely the primary driver for VDI, but it is often a secondary and helpful element to the business case.
The more I talk the implications of virtual desktops through with clients and prospects, the more new implications, applications and benefits we find. It is clear to me that desktop virtualisation is going to have a major impact on the way we think about and deploy computing within business and we have only started to scratch the surface.